Conventionally virtual private network (VPN) service providers publish a large number of public IP addresses for clients to reach their services. For purposes of this disclosure, these addresses are known as “ingress” addresses because they are used as entry points into the service. Using a large number of ingress addresses is generally necessary for several reasons because ingress addresses may be blocked by Internet service providers (ISPs) or even sovereign nations to prevent users from accessing VPN services. Moreover, web-scale VPN services typically require a large, geographically decentralized infrastructure that is supported by thousands of individual server nodes. Distributing clients among numerous ingress addresses is necessary to effectively scale the service.
When a VPN client accesses an external web site, the VPN server performs a network address translation (NAT) on the packets to transform the source address of the packet to an “egress” address, (i.e. the address of the VPN server node). Accordingly, the web site visited by the VPN client will “see” the client's IP address as being that of the VPN server (the egress address)—the real IP address of the client is hidden from the web site.
VPN service providers must also host a large number of egress addresses because many web sites will not operate correctly if too many users from the same egress address attempt to concurrently access the site. In addition, some web sites actively discriminate against VPN users by attempting to block access from known VPN egress addresses. This requires large VPN service providers to supply hundred or thousands of VPN server nodes to handle potentially millions of concurrent client connections. VPN service networks operate most efficiently when each individual server node “owns” its own set of egress addresses.
Another reason to have a large supply of egress addresses is to combat distributed denial-of-service attacks (DDoS). To prevent these attacks from degrading network-wide service quality, it is necessary to immediately remove an attacked egress attack from the network, replacing it with a new address.